For every decision made, there are consequences, as we have already discussed above. The consequences may be not affect the decision maker and they are usually ignored as normal or expected. However, whether the consequences
are likely to result in harm or not, the decision maker needs to reflect on the outcomes of the decision. Decisions made must be based on and reflect
consequences, individual liberties, and justice. To achieve this, a decision maker may use a good ethical framework.
Guilt is our natural internal judgment system and punishing ourselves is based on our moral standards or the group’s standards. So guilt, therefore, plays a crucial part in ethical decision making. In the decision-making process, guilt normally sets in right after the decision or a choice is made. And because guilt stays with the individual over a period of time, sometimes becoming cumulative as we pointed out earlier, it may affect that individual’s future decisions. Its effects on future decision-making processes center on new val- ues being attached to the premises of the input set to the decision function. A guilty person re-examines his or her value set attached to all premises that come into play in the decision-making process. Sometimes guilt produces doubts about the present values attached to the premises, without producing new and better values. Guilt causes decision makers to agonize over deci- sions. An excess of guilt could cause an individual to withdraw from society, which could be more dangerous, because a withdrawn person may start to challenge the values attached to the premises as he or she tries to justify the guilt, resulting in bad decisions being made.
Although decisions are based on the outcome of an individual’s deliberations, considering all input parameters, attaching values to these premises calls for a thorough examination of each premise by the individual. This process is
aided by the individual reflecting on these basic steps (The.Canadian.Code. of.Ethics.for.Psychologists, 1991):
• Examining the ethically relevant issues, principles, standards, and prac- tices;
• Determining the different parties (and their special interests) who will be affected by your decision;
• Deciding on an alternative course of action if and when the outcome of the decision is not what is expected;
• Considering the probable consequences (short and long term) of each alternative on each of the parties involved;
• Thinking of consulting with a trusted colleague, if the situation is com- plex, risky, or there is undue personal involvement;
• Determining how personal values, biases, beliefs, or self-interests in-
fluenced the decision (either positively or negatively) and whether the
consequences of the decision have been evaluated; and
• Being prepared to (1) assume responsibility for the consequences of the action, including correction of negative consequences, if any, (2) re-en- gage in the decision-making process if the ethical issue is not resolved, and (3) evaluate the system(s) within which the issue arose, in order to identify and remove the circumstances that might facilitate and reward unethical practices.
Conclusion
We opened the chapter with a discussion of the centrality of decision mak- ing in our lives. Without decision making, we would have no autonomy, something that separates us from other creatures here on earth. As a central piece in our lives, we can use it to safeguard the information infrastructure. Good decisions are based on sound ethical frameworks, without which we may be faced with dilemmas that result in confusion.
An ethical framework can be built on both a formal and informal sound ethical education. It also can be hardened by other means of education, like licensing for workers in professions that support licensing. Licensing is an effective tool for enhancing education, which strengthens the ethical framework.
References
Humphreys, W. S. (1987). Managing. for. innovation—Leading. technical. people. Englewood Cliffs, NJ: Prentice Hall.
Jones, T. M. (1991). Ethical decision making by individuals in organization: An issue-contingent model. Association.of.Management.Review,.18(2), 366-395.
Kizza, J. M. (2002). Ethical.and.social.issues.in.the.information.age (2nd ed.). New York: Springer.
Kizza, J. M. (Ed.). (1996). Professionalism, ethical responsibility and ac- countability. In Social.and.ethical.effects.of.the.computer.revolution.
Jefferson, NC: McFarland Publishers, Inc.
Kizza, J. M. (Ed.). (1996). The role of professional organizations in pro- moting computer ethics. In Social.and.ethical.effects.of.the.computer. revolution. Jefferson, NC: McFarland Publishers, Inc.
The.minister.answers.questions.on.accountability.framework. Retrieved from http://ednet.edc.gov.ab.ca/level1/news/in-focus/accountability.htm
References:.California.community.colleges.(6870).Retrieved from http://www. lao.ca.gov/chf6870.html
References:.For.codes.of.ethics. Retrieved from http://rehab.educ.ucalgary. ca/lowser/edps581/references.html
The.Canadian.code.of.ethics.for.psychologists. (1991). Available: http://www. cycor.ca/Psych/pub.html or http://www.cycor.ca/Psych/ethics.html
Chapter.IV
Security,.Anonymity,.
and.Privacy
Introduction
All recent social, economic, and technological advances can be attributed to the dramatic advances in availability of information and the ability to access it easily and quickly. The increasing demand for information has driven the need for easier access to it. This almost obsessive demand for information together with the abundance of it on almost any topic have created privacy and security challenges. The value of information in our information-driven economies has made it into a valuable commodity so that having it means having superior intellectual, economic, and social status. It has become a vital resource in this information age. Along with it, we have to face the security and privacy challenges it has created.
The threat to privacy and security goes to the core of the problem of securing the information infrastructure. We cannot talk about a secure information
infrastructure if we cannot guarantee the security and privacy of individu- als and the information on the infrastructure. In this chapter, we discuss the centrality of security and privacy in the information infrastructure and also the role anonymity plays. Let us open the discussion with the necessary
definitions.
Security
The word security means, according to some dictionaries like Webster’s, the state of being safe and free from danger or risk. It can also mean protection (Kauffman, 1989). The meaning of security depends on what it is in refer- ence to. For example, in IT and computing, security means the prevention of unauthorized use of a device or software. In telecommunications, according to Wikipedia (2006), it means:
• A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts
or influences
• With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded
in the interests of national security
• Measures taken by a military unit—an activity or installation to protect itself against all acts designed to, or which may, impair its effectiveness
In general, security can be considered a means to prevent unauthorized access, use, alteration, and theft or physical damage to property. Security involves these three elements:
1. Confidentiality:vTo prevent unauthorized disclosure of information to third parties. This is important in a number of areas including the
disclosure of personal information like medical, financial, academic,
and criminal records.
2. Integrity: To prevent unauthorized modification of files and maintain
The alteration of information may be caused by a desire for personal gain or a need for revenge.
3. Availability: To prevent unauthorized withholding of information from those who need it when they need it.
Security, in general, covers a variety of areas. Our focus is security of the information infrastructure. Here security can be discussed by looking at the different aspects it takes. Let us look at these and discuss how each com- ponent of it can be secured or hardened. The overall goal is to get a secure infrastructure. Wikipedia.(2006) gives the following elements of information infrastructure security: • Physical security • Information security • Financial security • Human security • Computer security • Network security • Security standards
Physical.Security
The encyclopedia Wikipedia.(2006) defines physical security as a set of mea- sures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elaborate as multiple layers of armed guard posts. A facility is also physi- cally secure if it is surrounded by a barrier like a fence, has secure areas both inside and outside, and can resist penetration by intruders. Physical security has been an essential security component and is as old as humanity itself. From time immemorial, human beings have been safeguarding themselves
and their property by building walls, moats, and fences and using fierce
animals and human guards. Kings and emperors used to use natural physi- cal features, like building dwellings on top of mountains, on islands, and on high cliffs. Although technology has provided great improvements to the old types of barriers, it has not diminished the need for physical security. Physical
security itself has four components: deterrence, prevention, detection, and response (Unger, 2005):
1. Deterrence: To discourage the would-be intruders from attempting to scale the physical barriers. It is meant to create an atmosphere that scares the intruders.
2. Prevention:.To stop these intruders who are either in the process or
planning to start the process of gaining access from gaining access. 3. Detection: To assume that if the intruder has succeeded or is in the
process of gaining access to the system, then there are ways to be able to “see” that intruder who has gained or who is trying to gain access. 4. Response: To use the after-effect situation and respond to the failures
of the first three mechanisms. It works by trying to stop and/or prevent
damage or access to a facility.
Through these four mechanisms, physical security prevents or deters at- tackers both from outside and inside from accessing the facility, resource, or information stored on physical media. In full use, both deterrence and prevention accomplish two things:
1. They slow down the attackers attempting to access the resource. Slow- ing down the intruder creates enough time for the detection mechanism to detect the attackers. And depending at what stage of the attack the intruders are at, detection can be followed by recovery.
2. They attempt to make the cost of access to the resource so high that the
would-be attacker may find it worthwhile to give up the attack, rather
than incur such high costs.